Institutional Repository of the Institute of Software, Chinese Academy of Sciences
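Title: Research on Plan Recognition Technology in Network Confrontation (网络对抗中规划识别技术研究)
Author: 张卫华 (Zhang Weihua)
Defense date: 2007-05-21
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Doctorate
Keywords: artificial intelligence; plan recognition; MAS; CPN; organization; group; intention; partial observability; active defense; information deception
Other title: Researches on Plan Recognition Technology in Network Warfare
Abstract: Faced with increasingly complex network threats, this thesis studies the theory and key technologies of plan recognition and its applications, aiming to explore new methods of assuring network security and to gain the initiative in network confrontation. The thesis achieves results in the following six areas:

1. One purpose of studying opponent models is that, given an opponent model, one can better understand the opponent's state of mind and analyze the opponent's reasoning process, which provides a basis for targeted countermeasures. For network confrontation, this thesis proposes a network opponent model. The model consists of three sub-models, namely a mental sub-model, a planning sub-model and a behavior sub-model, and formally analyzes the network opponent's characteristics, plans and attack behavior.

2. Building on Kautz's plan recognition algorithm, CPN is used as a new method of plan representation and recognition. Compared with the Kautz representation widely used in the plan recognition field, the new representation is simpler and more efficient. This chapter also takes multi-step attack detection as an example, computing the transition relations between actions in order to recover the full picture of the attack. On this basis, the concept of hierarchical templates is introduced to accommodate more modes of cooperation and to improve recognition efficiency and flexibility.

3. Organization is the main form of group confrontation. A good organization model helps improve the precision and efficiency of plan recognition. The Seal calculus is introduced into dynamic organization modeling, providing a new means for the formal study of organization models. Using the Seal calculus, a role-based method of generating hierarchical organizations is proposed; the dynamic adjustment of an organization caused by role changes is discussed; and changes in the resources and privileges of roles are simulated. The chapter then proposes the feasibility of reducing the computational cost of group plan recognition by analyzing the relationship between group and individual intentions.

4. In application areas such as combat simulation, network intrusion detection and data mining, plan recognition often faces the problem of uncertainty. First, fuzzy plan recognition methods are surveyed and a representation of Bayesian probability in CPN is proposed. Then, based on an analysis of the characteristics of the Bayesian network model, a MAS-based plan recognition algorithm for multi-source conditions is proposed by introducing measurement vector values. Further, to address incomplete or distorted information under partial observability, an unobserved-probability factor is introduced, and the expansion of the search space and the consumption of resources are bounded by thresholds. Finally, a model of the plan recognition process in a real environment is established.

5. Plan recognition research makes targeted active defense possible. Several network deception methods are analyzed and the composition of an active defense system is proposed. Cost analysis helps active defense find a balance between improving effectiveness and reducing resource usage, and is of general significance for action selection and effect evaluation. Building on an analysis of several active defense methods, and using a state-analysis-based formal method together with deception techniques, a cost analysis method is proposed and an example of information decoying is given.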
English abstract: In the face of increasingly complicated threats in the network environment, this paper focuses on the study of the theories and key technologies of plan recognition and its application in security. The purpose of the research is to explore new methods for information security assurance so that we can hold the initiative in network warfare. The six main achievements of this paper are as follows:

1. One purpose of opponent model research is that we can better understand the opponent's mental state and analyze the opponent's thinking process, which provides a basis for adopting countermeasures. Based on network confrontation, the paper puts forward a network opponent model composed of three sub-models: a mental sub-model, a plan sub-model and a behavior sub-model. It then formally describes the characteristics of the network adversary's mental state, the plan of the network adversary's attack and the changes in the network adversary's behavior.

2. Based on the Kautz plan recognition algorithm, the agent's belief and intention are analyzed from the actions being observed. A new plan formalism based on CPN is introduced; compared with Kautz's formalism, which is widely used in plan recognition, this method is simpler and more direct. A CPN-based method is introduced to model actions in network intrusion detection; by matching the relationships among alerts, it can obtain the stage of the attack. The paper also puts forward the concept of a hierarchical template in order to accommodate more styles of cooperation and to improve efficiency and scalability.

3. Organization is the main form of group confrontation. A sound organization model is beneficial for raising the precision and efficiency of recognition. The paper proposes a role-based method of forming a hierarchical organization based on the Seal calculus, provides a new means for research on formalized organization models in dynamic organizations, and discusses the dynamic changes in an organization caused by role changes. Then an improved plan recognition method for agent groups is introduced: by analyzing the relationship between group and individual intentions, it reduces the computational load of group plan recognition.

4. The problem of uncertainty is often confronted in realistic circumstances. First, the paper introduces fuzzy plan recognition methods and proposes a way of expressing Bayesian probability in CPN. Second, the paper analyzes the features of the Bayesian network model for situation assessment and presents a multi-source plan recognition algorithm that uses the probability of the observations. Going a step further, the paper presents a treatment of partial observability for a specific probabilistic plan recognition algorithm and constrains the search space and runtime impact by thresholds. Finally, the paper puts forward a plan recognition process model for real circumstances.

5. Plan recognition research can contribute to carrying out active defense effectively. The paper analyzes several methods of network deception and puts forward the components of an active defense system. Cost analysis helps to find the balance point between improving utility and reducing resource occupation in the area of active defense, and can be applied to action selection and effect evaluation. Based on state analysis and deception technology, an improved scheme is proposed that builds on several active defense methods. By applying state transitions to network defense, the paper puts forward the method and steps of cost calculation; a case of information deception is also introduced.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6194
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/File Size: 10001_200318015003123张卫华_paper.doc (3385KB)
Content Type: --
Version: --
Access: Restricted
License: --
Contact to obtain the full text

Recommended Citation:
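张卫华 (Zhang Weihua). Research on Plan Recognition Technology in Network Confrontation (网络对抗中规划识别技术研究) [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-05-21.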

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
